[Hiring] Senior DevSecOps Engineer @CVS Health

Role Description

We’re building a world of health around every individual — shaping a more connected, convenient and compassionate health experience. At CVS Health®, you’ll be surrounded by passionate colleagues who care deeply, innovate with purpose, hold ourselves accountable and prioritize safety and quality in everything we do. Join us and be part of something bigger – helping to simplify health care one person, one family and one community at a time.

Position Summary

Who You Are:

• A seasoned security leader with the ability to develop and review code when necessary.
• Deep understanding of foundational software-engineering paradigms.
• Strong passion and thorough understanding of building and operating secure, reliable systems at scale.
• Technical expertise to automate security functions via code, including pipeline and workflow automation.
• Expertise with Application, Cloud, Data, and Network Security best practices.
• Experience with multi-cloud environments, including container/serverless and other microservice architectures.
• Experience with older technology stacks, including mainframes and monolithic architectures.
• Expertise with SDLC, CI/CD tools, Deployment Automation, and pipeline orchestration.
• Expertise with operating security for Windows Server and Linux Server systems.
• Experience with configuration management, version control, and DevOps operational support.
• Experience with implementing security measures for applications and data, understanding unique security requirements of data warehouse technologies.
• Experience with reporting and visualization tools such as Power BI, BigQuery, Tableau, or similar platforms.
• Ability to create and deliver executive-level reporting and dashboards for leadership visibility.

Role Responsibilities:

• Development & Enforcement:
  • Develop and enforce engineering security policies and standards.
  • Develop and enforce data security policies and standards.
  • Drive security awareness across the organization.
• Collaboration & Expertise:
  • Collaborate with Engineering and Business teams to develop secure engineering practices.
  • Serve as the Subject Matter Expert for Application Security.
  • Work with cross-functional teams to ensure security is considered throughout the software development lifecycle.
• Automation & Optimization:
  • Design and implement automated workflows for security processes across CI/CD pipelines.
  • Automate manual reporting tasks by building scripts, dashboards, and integrations.
  • Integrate security controls into CI/CD pipelines.
  • Develop orchestration strategies for pipeline automation using tools like GitHub Actions, Jenkins, or Azure DevOps.
  • Develop and maintain executive-level reporting dashboards using tools like Power BI, Tableau, or BigQuery.
• Analysis & Configuration:
  • Analyze, develop, and configure security solutions across multi-cloud, on-premises, and colocation environments.
  • Lead security testing, vulnerability analysis, and documentation.
• Operational Support:
  • Participate in operational on-call duties to support infrastructure across multiple regions and environments.
  • Develop incident response and recovery strategies.

Qualifications

• 5+ years of experience in developing and deploying security technologies.
• 5+ years with modern SDLC and CI/CD practices, emphasizing pipeline automation and security integration.
• 3+ years remediating vulnerabilities from Static Analysis, Open-Source Scanning, Mobile Scanning, and API Scanning.
• 3+ years of experience with Docker, Kubernetes, Security-as-Code, and Infrastructure-as-Code.
• 3+ years of experience with one or more general-purpose programming/script languages.
• 1+ year of experience building reports and dashboards using visualization tools.

Preferred Qualifications

• Proficiency in Public Cloud (AWS/Azure/GCP) & Network Security.
• Strong experience with implementing and managing data protection measures and compliance with data protection regulations.
• Strong technical expertise with Architecting Public Cloud solutions and processes.
• Strong technical expertise with Networking and Software-Defined Networking (SDN) principles.
• Familiarity with OWASP Application Security Verification Standard.
• Understanding of at least one compliance framework.
• Strong technical expertise with Static Analysis, Open Source Scanning, Mobile Scanning, and API Scanning security solutions.
• Experience creating executive-level reporting and presenting security metrics to leadership.
• Experience building automated reporting solutions using APIs, scripting, and visualization tools.

Education

• A Bachelor’s degree or equivalent experience (High School Diploma and 4 years relevant experience).

Anticipated Weekly Hours

• 40

Time Type

• Full time

Pay Range

The typical pay range for this role is: $83,430.00 - $222,480.00. This pay range represents the base hourly rate or base annual full-time salary for all positions in the job grade within which this position falls. The actual base salary offer will depend on a variety of factors including experience, education, geography and other relevant factors.

Benefits

• Comprehensive benefits package designed to support the physical, emotional, and financial well-being of colleagues and their families.
• Medical, dental, and vision coverage.
• Paid time off.
• Retirement savings options.
• Wellness programs and other resources, based on eligibility.

We anticipate the application window for this opening will close on: 04/28/2026.

Qualified applicants with arrest or conviction records will be considered for employment in accordance with all federal, state and local laws.